For a few weeks in 1982, I was convinced that space aliens were outside my house. I had irrefutable evidence: strange lights, odd noises, and the like. Of course, the lights were the neighbor's pool, and the noises were the wind. I was just a child, caught up in the hysteria of having just watched the movie Alien on cable a few nights before. I eventually grew up and accepted the reality that aliens were not going to eat me.

Sometimes when I look at the security industry, I see a lot of children, quivering in their beds, sure that malicious hackers are going to eat them. The story is similar: Some "133t" hacker at Black Hat or Defcon demonstrates the latest vulnerability and the audience "oohs" and "ahhs." In the flash of a blog post, media fire up the hysteria engines and the hyperbole begins. "ATM machines are no longer secure!" "Is your money safe?" "Will terrorists take down the power grid?"

This is nothing more than hysteria, and it undermines sound enterprise information security practices. The security community must stop this hysterical response to vulnerability research. Security professionals must embrace more measured, logical and reasoned responses to new threats. This unjustified hysteria encourages companies to waste millions (perhaps billions) defending against phantom threats that will never pose any real danger to them.

The link for this article, located at Search Security, is no longer available.